Authors: Alban Crequy, Mauricio Vásquez Bernal
2022-10-26

tldr - powered by Generative AI

The presentation discusses the use of tools for developing initial security policies and network policies in Kubernetes environments. It also explores the challenges of maintaining these policies over time as applications change.
  • Tools can be used to develop initial security policies in Kubernetes environments
  • Network policies are generated based on captured traffic and enriched with Kubernetes-related information
  • Maintaining policies over time can be challenging as applications change and may require new capabilities or system calls
  • Automatic updates to policies may not be reliable without human supervision
Authors: Mritunjay Sharma, Shuting Zhao, Ruhika Bulani
2022-10-25

tldr - powered by Generative AI

The panel discussion focuses on the intersection of Kyverno and DockerSlim in making Kubernetes workloads more secure.
  • Containers have become the norm as cloud adoption increases sharply.
  • Developers face challenges in making containers production-ready and secure.
  • Kyverno and DockerSlim are two projects that address these challenges.
  • Kyverno provides policies that act as a contract for shared environments like Kubernetes.
  • DockerSlim helps in minifying container images and automating the creation of AppArmor and SecComp profiles.
  • The combination of Kyverno and DockerSlim makes cluster security management easier and more efficient.
Conference:  ContainerCon 2022
Authors: Mritunjay Sharma
2022-06-23

tldr - powered by Generative AI

Docker Slim is a tool that makes Docker images smaller, faster, and more secure by analyzing and collecting information from a temporary container.
  • Docker Slim creates a temporary container to analyze and collect information from a fat image
  • It applies heuristics to optimize the image and create a security profile
  • The resulting slim image is much smaller and faster than the original image
  • Docker Slim is a developer-oriented tool that can be used on existing commercial software
  • Future plans for Docker Slim include introducing a Docker Compose feature and using traditional HTTP probes
Conference:  ContainerCon 2022
Authors: Aviv Sasson
2022-06-22

Containers are glorified by the fact that no one can escape them, and frankly - escaping containers is a tricky and complex task that is impossible in most scenarios. Many security layers restrict the container in order to prevent an escape. But what are those layers? How do they work? What are their defaults? Can we modify them? Should we? This session will present the Linux kernel features and mechanisms that make up those layers, including Capabilities, Seccomp, SELinux, and AppArmor. It will discuss how container runtimes implement them to create a security stack that keeps the container tamed and whether it is possible to modify them for specific use cases, while explaining the security risks of such actions.